public static function SyncModifyTaskItem($arModifyEventArray)
{
    global $DB;

    // Cast once: the ID is interpolated into the UPDATE statement below,
    // so it must be an integer, never a raw string from the exchange payload.
    $ID = intval($arModifyEventArray["ID"]);

    // Sanitize the description before it is stored. Low security level, no
    // HTML special-char escaping, and tags that fail sanitization are dropped.
    $Sanitizer = new CBXSanitizer();
    $Sanitizer->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
    $Sanitizer->ApplyHtmlSpecChars(false);
    $Sanitizer->DeleteSanitizedTags(true);
    $arModifyEventArray['BODY'] = trim($Sanitizer->SanitizeHtml($arModifyEventArray['BODY']));

    $arFields = array(
        "RESPONSIBLE_ID"        => $arModifyEventArray["USER_ID"],
        "SITE_ID"               => SITE_ID,
        "EXCHANGE_ID"           => $arModifyEventArray["XML_ID"],
        "EXCHANGE_MODIFIED"     => $arModifyEventArray["MODIFICATION_LABEL"],
        "TITLE"                 => $arModifyEventArray["SUBJECT"],
        "DESCRIPTION"           => $arModifyEventArray["BODY"],
        "DESCRIPTION_IN_BBCODE" => 'N',
        "CREATED_DATE"          => $arModifyEventArray["DATE_CREATE"],
        "PRIORITY"              => self::$PriorityMapping[strtolower($arModifyEventArray["IMPORTANCE"])],
        "DURATION_FACT"         => ceil($arModifyEventArray["ACTUAL_WORK"] / 60),
        "START_DATE_PLAN"       => $arModifyEventArray["START_DATE"],
        "DEADLINE"              => $arModifyEventArray["DUE_DATE"],
        "STATUS"                => self::$StatusMapping[strtolower($arModifyEventArray["STATUS"])],
        "DURATION_PLAN"         => ceil($arModifyEventArray["TOTAL_WORK"] / 60),
        "DURATION_TYPE"         => "hours",
    );

    // Extended properties arrive as a list of Name/Value pairs.
    $arExtraFields = array();
    if (isset($arModifyEventArray['ExtendedProperty']) && is_array($arModifyEventArray['ExtendedProperty'])) {
        foreach ($arModifyEventArray['ExtendedProperty'] as $arExtendedProperty) {
            $arExtraFields[$arExtendedProperty['Name']] = $arExtendedProperty['Value'];
        }
    }

    if ($ID == 0) {
        // New task: creator, modifier and responsible user are all the synced user.
        $arFields["STATUS_CHANGED_BY"] = $arFields["CHANGED_BY"] = $arFields["CREATED_BY"] = $arFields["RESPONSIBLE_ID"];
        $arFields["STATUS_CHANGED_DATE"] = $arFields["CHANGED_DATE"] = $arFields["CREATED_DATE"];

        $ID = $DB->Add("b_tasks", $arFields, array("DESCRIPTION"), "tasks");
        if ($ID) {
            $arFields["ID"] = $ID;
            CTaskNotifications::SendAddMessage($arFields);

            $arLogFields = array(
                "TASK_ID"      => $ID,
                "USER_ID"      => $arFields["CREATED_BY"],
                "CREATED_DATE" => $arFields["CREATED_DATE"],
                "FIELD"        => "NEW",
            );
            $log = new CTaskLog();
            $log->Add($arLogFields);
        }
    } else {
        // Existing task: DESCRIPTION is passed as a bind variable, not inlined into the SQL.
        $strUpdate = $DB->PrepareUpdate("b_tasks", $arFields, "tasks");
        $strSql = "UPDATE b_tasks SET " . $strUpdate . " WHERE ID=" . $ID;
        $arBinds = array('DESCRIPTION' => $arFields['DESCRIPTION']);
        $result = $DB->QueryBind($strSql, $arBinds, false, "File: " . __FILE__ . "<br>Line: " . __LINE__);

        if ($result) {
            $rsTask = CTasks::GetByID($ID, false);
            if ($arTask = $rsTask->Fetch()) {
                $arFields["CHANGED_BY"] = $arFields["RESPONSIBLE_ID"];
                $arFields["CHANGED_DATE"] = date(
                    $DB->DateFormatToPHP(CSite::GetDateFormat("FULL")),
                    time() + CTimeZone::GetOffset()
                );
                CTaskNotifications::SendUpdateMessage($arFields, $arTask);

                // Write one log entry per changed field (old value -> new value).
                $arChanges = CTaskLog::GetChanges($arTask, $arFields);
                foreach ($arChanges as $key => $value) {
                    $arLogFields = array(
                        "TASK_ID"      => $ID,
                        "USER_ID"      => $arFields["CHANGED_BY"],
                        "CREATED_DATE" => $arFields["CHANGED_DATE"],
                        "FIELD"        => $key,
                        "FROM_VALUE"   => $value["FROM_VALUE"],
                        "TO_VALUE"     => $value["TO_VALUE"],
                    );
                    $log = new CTaskLog();
                    $log->Add($arLogFields);
                }
            }
        }
    }
}
// Excerpt: begins inside a property-normalization routine and ends inside its
// final foreach; the surrounding function is not on this page.
        $arProperty['FILTER_HINT'] = $arDefPropInfo['FILTER_HINT'];
    }

    // Normalize all Y/N flags to exactly 'Y' or 'N'.
    $arProperty['MULTIPLE']         = 'Y' == $arProperty['MULTIPLE'] ? 'Y' : 'N';
    $arProperty['IS_REQUIRED']      = 'Y' == $arProperty['IS_REQUIRED'] ? 'Y' : 'N';
    $arProperty['FILTRABLE']        = 'Y' == $arProperty['FILTRABLE'] ? 'Y' : 'N';
    $arProperty['SEARCHABLE']       = 'Y' == $arProperty['SEARCHABLE'] ? 'Y' : 'N';
    $arProperty['ACTIVE']           = 'Y' == $arProperty['ACTIVE'] ? 'Y' : 'N';
    $arProperty['SECTION_PROPERTY'] = 'N' == $arProperty['SECTION_PROPERTY'] ? 'N' : 'Y';
    $arProperty['SMART_FILTER']     = 'Y' == $arProperty['SMART_FILTER'] ? 'Y' : 'N';
    $arProperty['DISPLAY_TYPE']     = substr($arProperty['DISPLAY_TYPE'], 0, 1);
    $arProperty['DISPLAY_EXPANDED'] = 'Y' == $arProperty['DISPLAY_EXPANDED'] ? 'Y' : 'N';

    // FILTER_HINT is free-form HTML entered by an administrator; sanitize it at the low level.
    $arProperty['FILTER_HINT'] = trim($arProperty['FILTER_HINT']);
    if ($arProperty['FILTER_HINT']) {
        $TextParser = new CBXSanitizer();
        $TextParser->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
        $TextParser->ApplyHtmlSpecChars(false);
        $arProperty['FILTER_HINT'] = $TextParser->SanitizeHtml($arProperty['FILTER_HINT']);
    }

    $arProperty['MULTIPLE_CNT'] = intval($arProperty['MULTIPLE_CNT']);
    if (0 >= $arProperty['MULTIPLE_CNT']) {
        $arProperty['MULTIPLE_CNT'] = DEF_LIST_VALUE_COUNT;
    }
    $arProperty['WITH_DESCRIPTION'] = 'Y' == $arProperty['WITH_DESCRIPTION'] ? 'Y' : 'N';

    if (!empty($arListValues)) {
        $arProperty["VALUES"] = $arListValues;
    }

    // Move the fields that must not be shown in the form into $arHidden.
    $arHidden = array();
    foreach ($arHiddenPropFields as &$strPropField) {
        if (isset($arProperty[$strPropField])) {
            $arHidden[$strPropField] = $arProperty[$strPropField];
            unset($arProperty[$strPropField]);
function GetPropertyInfo($strPrefix, $ID, $boolUnpack = true, $arHiddenPropFields = array())
{
    global $arDefPropInfo;

    $boolUnpack = $boolUnpack === true;
    $arResult = false;
    if (!is_array($arHiddenPropFields)) {
        return $arResult;
    }

    if (isset($_POST[$strPrefix . $ID . '_NAME'])
        && 0 < strlen($_POST[$strPrefix . $ID . '_NAME'])
        && isset($_POST[$strPrefix . $ID . '_PROPINFO'])
    ) {
        // PROPINFO is a base64-encoded serialized array posted back from the form.
        // CheckSerializedData() rejects payloads containing object notation before unserialize() is called.
        $strEncodePropInfo = $_POST[$strPrefix . $ID . '_PROPINFO'];
        $strPropInfo = base64_decode($strEncodePropInfo);
        if (CheckSerializedData($strPropInfo)) {
            $arResult = array(
                'ID'          => isset($_POST[$strPrefix . $ID . '_ID']) && 0 < intval($_POST[$strPrefix . $ID . '_ID'])
                                 ? intval($_POST[$strPrefix . $ID . '_ID']) : 0,
                'NAME'        => strval($_POST[$strPrefix . $ID . "_NAME"]),
                'SORT'        => isset($_POST[$strPrefix . $ID . "_SORT"]) && 0 < intval($_POST[$strPrefix . $ID . "_SORT"])
                                 ? intval($_POST[$strPrefix . $ID . "_SORT"]) : 500,
                'CODE'        => isset($_POST[$strPrefix . $ID . "_CODE"]) ? strval($_POST[$strPrefix . $ID . "_CODE"]) : '',
                'MULTIPLE'    => isset($_POST[$strPrefix . $ID . "_MULTIPLE"]) && 'Y' == $_POST[$strPrefix . $ID . "_MULTIPLE"] ? 'Y' : 'N',
                'IS_REQUIRED' => isset($_POST[$strPrefix . $ID . "_IS_REQUIRED"]) && 'Y' == $_POST[$strPrefix . $ID . "_IS_REQUIRED"] ? 'Y' : 'N',
                'ACTIVE'      => isset($_POST[$strPrefix . $ID . "_ACTIVE"]) && 'Y' == $_POST[$strPrefix . $ID . "_ACTIVE"] ? 'Y' : 'N',
                'USER_TYPE'   => false,
            );

            // PROPERTY_TYPE may carry a user type after a colon, e.g. "S:HTML".
            if (isset($_POST[$strPrefix . $ID . "_PROPERTY_TYPE"])) {
                if (false !== strpos($_POST[$strPrefix . $ID . "_PROPERTY_TYPE"], ":")) {
                    list($arResult["PROPERTY_TYPE"], $arResult["USER_TYPE"]) =
                        explode(':', $_POST[$strPrefix . $ID . "_PROPERTY_TYPE"], 2);
                } else {
                    $arResult["PROPERTY_TYPE"] = $_POST[$strPrefix . $ID . "_PROPERTY_TYPE"];
                }
            }

            if ($boolUnpack) {
                $arPropInfo = unserialize($strPropInfo);
                foreach ($arHiddenPropFields as &$strFieldKey) {
                    $arResult[$strFieldKey] = isset($arPropInfo[$strFieldKey])
                        ? $arPropInfo[$strFieldKey]
                        : $arDefPropInfo[$strFieldKey];
                }
                unset($strFieldKey);

                $arResult['ROW_COUNT'] = intval($arResult['ROW_COUNT']);
                if (0 >= $arResult['ROW_COUNT']) {
                    $arResult['ROW_COUNT'] = $arDefPropInfo['ROW_COUNT'];
                }
                $arResult['COL_COUNT'] = intval($arResult['COL_COUNT']);
                if (0 >= $arResult['COL_COUNT']) {
                    $arResult['COL_COUNT'] = $arDefPropInfo['COL_COUNT'];
                }
                $arResult['LINK_IBLOCK_ID'] = intval($arResult['LINK_IBLOCK_ID']);
                if (0 > $arResult['LINK_IBLOCK_ID']) {
                    $arResult['LINK_IBLOCK_ID'] = $arDefPropInfo['LINK_IBLOCK_ID'];
                }

                $arResult['WITH_DESCRIPTION'] = 'Y' == $arResult['WITH_DESCRIPTION'] ? 'Y' : 'N';
                $arResult['FILTRABLE']        = 'Y' == $arResult['FILTRABLE'] ? 'Y' : 'N';
                $arResult['SEARCHABLE']       = 'Y' == $arResult['SEARCHABLE'] ? 'Y' : 'N';
                $arResult['SECTION_PROPERTY'] = 'N' == $arResult['SECTION_PROPERTY'] ? 'N' : 'Y';
                $arResult['SMART_FILTER']     = 'Y' == $arResult['SMART_FILTER'] ? 'Y' : 'N';
                $arResult['DISPLAY_TYPE']     = substr($arResult['DISPLAY_TYPE'], 0, 1);
                $arResult['DISPLAY_EXPANDED'] = 'Y' == $arResult['DISPLAY_EXPANDED'] ? 'Y' : 'N';

                // Sanitize the filter hint. The original text read $arProperty here, a variable
                // that does not exist in this function; the working array is $arResult.
                $arResult['FILTER_HINT'] = trim($arResult['FILTER_HINT']);
                if ($arResult['FILTER_HINT']) {
                    $TextParser = new CBXSanitizer();
                    $TextParser->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
                    $TextParser->ApplyHtmlSpecChars(false);
                    $arResult['FILTER_HINT'] = $TextParser->SanitizeHtml($arResult['FILTER_HINT']);
                }

                $arResult['MULTIPLE_CNT'] = intval($arResult['MULTIPLE_CNT']);
                if (0 >= $arResult['MULTIPLE_CNT']) {
                    $arResult['MULTIPLE_CNT'] = $arDefPropInfo['MULTIPLE_CNT'];
                }
                $arResult['LIST_TYPE'] = 'C' == $arResult['LIST_TYPE'] ? 'C' : 'L';

                if ('Y' != COption::GetOptionString("iblock", "show_xml_id", "N") && isset($arResult["XML_ID"])) {
                    unset($arResult["XML_ID"]);
                }
            } else {
                // Not unpacking: pass the encoded blob through unchanged.
                $arResult['PROPINFO'] = $strEncodePropInfo;
            }

            if (0 < intval($ID)) {
                $arResult['DEL'] = isset($_POST[$strPrefix . $ID . "_DEL"]) && 'Y' == $_POST[$strPrefix . $ID . "_DEL"] ? 'Y' : 'N';
            }
        }
    }

    return $arResult;
}
/**
 * Sanitizes a string and converts it to the site's charset.
 *
 * @param string $str Input string.
 * @return string
 */
protected function filterString($str)
{
    $sanitizer = new \CBXSanitizer();
    $sanitizer->SetLevel(\CBXSanitizer::SECURE_LEVEL_HIGH);
    $sanitizer->ApplyHtmlSpecChars(false);

    // Decode entities and convert to the site charset first, then sanitize the
    // resulting markup so the sanitizer sees the real characters.
    $str = html_entity_decode($str, ENT_QUOTES, $this->getEncoding());
    $str = Encoding::convertEncoding($str, $this->getEncoding(), Context::getCurrent()->getCulture()->getCharset());
    $str = trim($str);
    $str = $sanitizer->SanitizeHtml($str);

    return $str;
}
public function AddHtml($html)
{
    if (!isset($html)) {
        return false;
    }

    $sanitizer = new CBXSanitizer();
    $sanitizer->SetLevel(CBXSanitizer::SECURE_LEVEL_MIDDLE);
    $sanitizer->ApplyHtmlSpecChars(false);

    // Strip <script> elements up front; the sanitizer then handles the remaining markup.
    $html = preg_replace('/<script\\b[^>]*>(.*?)<\\/script>/is', "", $html);
    $this->result['BLOCKS'][]['HTML'] = $sanitizer->SanitizeHtml($html);

    return true;
}
/**
 * Sanitize the task description if the sanitizer is enabled in the tasks module options.
 */
public static function SanitizeHtmlDescriptionIfNeed($rawHtml)
{
    static $bUseHtmlSanitizer = null;
    static $oSanitizer = null;

    // Initialize the sanitizer (if it is needed at all) only once per hit.
    if ($bUseHtmlSanitizer === null) {
        $bSanitizeLevel = COption::GetOptionString('tasks', 'sanitize_level');
        if ($bSanitizeLevel >= 0) {
            $bUseHtmlSanitizer = true;

            // Unknown level values fall back to the strictest level.
            if (!in_array($bSanitizeLevel, array(
                CBXSanitizer::SECURE_LEVEL_HIGH,
                CBXSanitizer::SECURE_LEVEL_MIDDLE,
                CBXSanitizer::SECURE_LEVEL_LOW,
            ))) {
                $bSanitizeLevel = CBXSanitizer::SECURE_LEVEL_HIGH;
            }

            $oSanitizer = new CBXSanitizer();
            $oSanitizer->SetLevel($bSanitizeLevel);
            $oSanitizer->AddTags(array(
                'blockquote' => array('style', 'class', 'id'),
                'colgroup'   => array('style', 'class', 'id'),
                'col'        => array('style', 'class', 'id', 'width', 'height', 'span'),
            ));
            $oSanitizer->ApplyHtmlSpecChars(true);
            // If this is not disabled, text such as "df 1 < 2 dasfa and 5 > 4" would be partially lost.
            $oSanitizer->DeleteSanitizedTags(false);
        } else {
            $bUseHtmlSanitizer = false;
        }
    }

    if (!$bUseHtmlSanitizer) {
        return $rawHtml;
    }

    return $oSanitizer->SanitizeHtml(htmlspecialcharsback($rawHtml));
}